Will you download the contact tracing app?

poff

One of the problems is, that our smart phones have operating systems made by google or apple. For that reason, we don't really have a choice. They provide the "Application programming interface" for the programmers of an app, It defines, how calls to the bluetooth hardware (or any other hardware, e.g. GPS, microphone or speakers, etc) are made. They are also disallowing for centralised tracing - or tracking if you wish, which is also a possibility. By owning a smartphone, you have to have some trust in the company which supplies or programmes it.

The next step is the programming side. This is where our government or/and HSE comes in. They can decide what features such an app should have. The also can decide whether the development of such an app will be open and verifiable or not. Due to the app providing data about ourselves, we, I think, should be allowed to look inside the programming to verify that it is only doing what it is supposed to do. You might not have anything to hide..., the emphasis is on "anything". What does "anything" mean? Do you know? I don't and this is, where I have a problem, and this is, where the trust comes in, and this is where I say: if you (gov and HSE) have nothing to hide, why don't you open the development, make the app open source? As we depend on that such an app is used by everybody, I would not want people to wonder "can I trust such an app". I wanted them to install the app. Open source -> programming verified -> trust established -> problem solved.

What are the personal details I would not trust the HSE? Bank details? ATM PIN numbers? Pornhub search history? What you had for dinner?

If I am asked nicely, I might tell them what I had for dinner, or anything else they would be interested in. But they have to ask me "what did you have for dinner?", they may not just gather all data without telling me what they gather, without giving me a choice of what to answer. I like my privacy being respected.

I hope, this explains the "I have something to hide" bit. My openess requires their openess. A fair exchange.

I don’t be at anything illegal so they can work away.

fly_agaric

Danno wrote: »

To be honest, neither the Government or the large Multi-Nationals have covered themselves in glory when it comes to our personal data, have they?

Would you trust either?

I'd trust the govt. more, yes (in principle anyway).
Some arms of the state have been less competent than others.
In my opinion, their big data protection issue of last few years (creation of the PS card & mygovid) was largely a problem of procedure/process than anything hugely over-reaching & privacy invasive being attempted by govt.

My multinational tech company of choice probably has less extremely sensitive information about me, but it it has much more detail in some specific areas than the govt. and the only power I have over what they do is my pretty miniscule impact as an individual consumer in a small country (which depends on them for jobs and investment!).

fly_agaric

poff wrote: »

Due to the app providing data about ourselves, we, I think, should be allowed to look inside the programming to verify that it is only doing what it is supposed to do.

Would agree, but don't think it really needs to be developed openly (as I think you suggested?).
My level of distrust is not that high; I hope they [people they contract] make sensible decisions. I mean, if they make terrible ones from a privacy + usability point of view, no one will install the application which will defeat the purpose. The govt. here does not really have the powers of some of the ones in Asia and will find it much harder (likely impossible) to force people to use this application if it came to that.
If they open the source code afterwards + specify exactly what it is doing and how it does it for non developers/non experts (particularly the detail of what data it is collecting and who has the data and how it will be used and stored) that seems enough for me.

poff

Opening the development would give people an insight from the very start. I would consider it important as it gives people an opertunity to intervene early.

The HSE might ask "what could be useful for us to know to make the app and our job even more efficient?" I am not saying those intentions are bad but they have to be communicated. They might be by giving the option of opting in or out (If they want to collect data, the opting in option would be the correct one). But we also have to acknowledge that additional data is not needed for the working of a tracing app. For that reason, I do not think, it should be included. If they want additional data, the can ask nicely in an app, that was designed for only that purpose. Of course, the HSE would say "who would install an additional app?". They would be right but again, it is down to communication like "we would like such and such an information because it would be very useful for us to do/predict/recognise whatever..." and if people can see and understand the value, they will install it. People are very helpful - more in these times because they like the idea of normality.

I hope that the government and HSE is reading some posts on boards.ie and avoid problems that are avoidable and get all the support that they wish for from the people.

VinLieger

I wont trust the app designed to help protect the health of the country and ill complain about my paranoid data security concerns on facebook, twitter and every major social media platform available.

Anyone know how to get to the next 5g protest? Nvm ill just google map it.

/s

plodder

Not sure that open source helps all that much. You can never be 100% sure that the source code you are looking at, is what was used to build the app in its binary form. Also, the app may end up using third party components for which the authors don't have the right to release the source code. There is still going to be some trust required.

A well written document would be much more useful and accessible to people who want to find out how it works, most of whom can't read code anyway.

On the other thread, I asked should an app be mandatory before using public transport for example. I think it probably shouldn't. Better to point out the benefits and appeal to people's better natures.

Diarmuid

plodder wrote: »

Not sure that open source helps all that much. You can never be 100% sure that the source code you are looking at, is what was used to build the app in its binary form.

Yes you can. I use such processes every day at work. It's called Reproducible builds
https://www.google.ie/search?hl=en&q=reproductible+builds

plodder

Diarmuid wrote: »

Yes you can. I use such processes every day at work. It's called Reproducible builds
https://www.google.ie/search?hl=en&q=reproductible+builds

Unless Android or iOS claim to explicitly support such an approach then it's meaningless because users never see these artifacts you are talking about. They just click a link on the app/play store and the app appears on their screen.

Apple and google could do what you are saying, but afaik they currently don't and I'm not sure they ever will.

circadian

I'm one of those who are paranoid about tracking and snooping. I've got a pihole set up at home, my phone and wife's phone are both rooted and modded the hilt and actively blocking as many facebook/google/amazon etc trackers as possible. WhatsApp isn't installed here, Facebook isn't installed, as few Google things are installed as possible.

However, South Korea has shown that using technology like this can be extremely effective and I would be willing to to forgo some privacy if I felt that using this app would benefit and improve the lives of those around me.

I'll wait and see when it's released.

0gac3yjefb5sv7

circadian wrote: »

I'm one of those who are paranoid about tracking and snooping. I've got a pihole set up at home, my phone and wife's phone are both rooted and modded the hilt and actively blocking as many facebook/google/amazon etc trackers as possible. WhatsApp isn't installed here, Facebook isn't installed, as few Google things are installed as possible.

However, South Korea has shown that using technology like this can be extremely effective and I would be willing to to forgo some privacy if I felt that using this app would benefit and improve the lives of those around me.

I'll wait and see when it's released.

Why? From what I hear these apps use minimal personal data. Some only use location and not even name etc. Why are people so afraid of this?

circadian

MattS1 wrote: »

Why? From what I hear these apps use minimal personal data. Some only use location and not even name etc. Why are people so afraid of this?

A lot of apps and websites use facebook/Google analytics which incorporate tracking algorithms. Fact is, even if you never had a Facebook profile they know you exist and can create a fairly accurate profile of who you are based on tracking cookies and your friends/family with active Facebook accounts.

Everyone has a right to privacy, especially if you decide to not use a service then the very least they could do is respect that.

We have seen in recent years this type of data has bee used maliciously and its partly a result of users being iltoo trusting but also badly designed websites/apps or even intentionally designed to gather data in a disingenuous way.

I have children. They have never been mentioned on any social media, pictures have never been shared on social media, including WhatsApp. They aren't old enough to decide if they want their information shared so I won't be doing it on their behalf.

If I, my wife or children decide to go for a job, run for public office or any other number of things in the future then I'd rather have as little information that can be manipulated and used against us available online.

Whereas, this app. If its effective then I'm willing to forgo some level of privacy if it genuinely will benefit society as opposed benefitting companies and malicious actors.

hmmm

Absolutely. I'm willing to give up a small bit of privacy to try and reduce the need for lockdowns. It's the least I can do as an individual.

When this is over I'll delete the app.

Diarmuid

Worrying signs from the UK
https://www.theregister.co.uk/2020/05/04/uk_covid_app_human_rights_parliament/
https://tech.newstatesman.com/coronavirus/palantir-covid19-datastore-coronavirus

Meanwhile
https://www.reuters.com/article/us-health-coronavirus-usa-apps-idUSKBN22G28W
The headline isn't totally accurate.

The Apple-Google decision to not allow GPS data collection with their contact tracing system will require public health authorities that want to access GPS location to rely on what Apple and Google have described as unstable, battery-draining workarounds.

Alternatives likely would miss some encounters because iPhones and Android devices turn off Bluetooth connections after some time for battery-saving and other reasons unless users remember to re-activate them.

Apple and Google also said Monday they will allow only one app per country to use the contact system, to avoid fragmentation and encourage wider adoption.

poff

VinLieger wrote: »

I wont trust the app designed to help protect the health of the country and ill complain about my paranoid data security concerns on facebook, twitter and every major social media platform available.

Anyone know how to get to the next 5g protest? Nvm ill just google map it.

/s

If you really have those "paranoid data concerns", I would suggest to first delete your social media accounts and never ever go there again. They really know how you tick, whether you have an account or not. The concerns about the app is not about data mining in the big way (this is, what earns social media a lot of money), The tracing app might like some health data or the location but not for the reason of making money. However, I would like to see the source code as I said many times and, if you are concerned about data, you could be asking for the same at facebook, twitter and the likes. Would they give it to you? No, they could not care less about a few (or few thousands) who will refuse to use their services. They are doing tracking across websites, even non facebook members. That would be a valid concern. Stay away from conspiracy websites and do some research on this.

5G? If you have concerns, get rid of your phone as it might not be safe to have it close to your head no matter whether it is 5, 4, 3, 2G or GSM.

I wrote this post to point out the problems but this thread is not the thread for discussing facebook data concerns. I apologise to the other posters for this post. However, when we talk about privacy, there are many areas to look at. Here, we like to make sure that the HSE will get it right.

poff

plodder wrote: »

Unless Android or iOS claim to explicitly support such an approach then it's meaningless because users never see these artifacts you are talking about. They just click a link on the app/play store and the app appears on their screen.

Apple and google could do what you are saying, but afaik they currently don't and I'm not sure they ever will.

It is not important whether users know about this or not. It is important that some people who are in e.g. programming can understand and verify that the app is the same as the open source code.

plodder

poff wrote: »

It is not important whether users know about this or not. It is important that some people who are in e.g. programming can understand and verify that the app is the same as the open source code.

It's the same for users and for software developers. You can't know for sure that the app you have downloaded from the app store or play store was built from any particular version of source code that you can look at.

Even if you could, the app is only one (albeit visible) component of a system like this. What about the backend server software? What about third party components that the app developer doesn't even have the source code for?

The article mentioned above from The Register has a link to an official blog post describing the UK's system. It also has a link to a more detailed technical description. That is what we need too. Right now, I have little to no idea how the Irish system is going to work. Like, will it use part of our postcode like the UK system? That would be a major concern for me .. etc.

plodder

There seems to be still a lot of doubt as to whether the UK app will be able to work around the restrictions imposed on background apps. This article seems quite convincing and raises serious questions about whether it will work.

https://www.theregister.co.uk/2020/05/05/uk_coronavirus_app/

Diarmuid

plodder wrote: »

It's the same for users and for software developers. You can't know for sure that the app you have downloaded from the app store or play store was built from any particular version of source code that you can look at.

yes you can. I've pointed this out already

plodder

Diarmuid wrote: »

yes you can. I've pointed this out already

and I replied in post #46. What you are suggesting doesn't work without buy-in from the platforms. Android and iOS could allow you to verify an installed app against some version of source code somewhere, but they don't.

poff

plodder wrote: »

There seems to be still a lot of doubt as to whether the UK app will be able to work around the restrictions imposed on background apps. This article seems quite convincing and raises serious questions about whether it will work.

https://www.theregister.co.uk/2020/05/05/uk_coronavirus_app/

My question would be: How much trust have the British people is such an app? Will the lack of trust make this app a failure, even if they would get it to work nicely?

Looking at "our" poll, 61% would opt in, which is quite close to the minimum to make it work (60%).

The more I think about this, the less I think that I need or want a tracing app. I don't believe in getting back to normal as it was because the virus will spread with the app or without if we ignore the simple rules. There should be the "new normality" which means physical distance until the vaccine is here. I don't think that there is a problem with any outdoor activity (beaches, markets, playgrounds, etc) as long as we stick to the distancing. BBQ with friends - why not if we keep the distance. Even if close meetings of a small number of people will be allowed - I will not be part of it, I have my own rules :cool:

xabi_a

poff wrote: »

the virus will spread with the app or without if we ignore the simple rules. :cool:

I agree with a lot of what you said but not this bit. The app will allow much faster and more focused testing and contact tracing. That means we can all get a bit closer to the old normal (which I think will be hard to stop) and actually spread the virus more, but counteract that with the better tracking and tracing.

Miike

This app has the potential to change the face of contact tracing. It would literally send you a notification telling you you've been in contact with someone who has tested +ve. This could stop the spread of the virus in the community at an unfathomable level, whether you agree with that or not is your own take on things but that's the reality. You can read about how effective it's been in Singapore for alerting people of their need to self-isolate because of contact with a confirmed case.

It will just keep a log of your physical contacts, locations and time spent in the vicinity of a later confirmed case. Do I really give a flying **** if someone knows where I've been? Not really. Not in the short term until we get ahead of this.

Diarmuid

Good news on the Irish app. Using Google/Apple API and the decentralized approach. Sensible heads prevailed.
https://www.irishtimes.com/business/technology/hse-covid-19-tracing-app-data-will-be-stored-on-individual-devices-1.4240304

poff

Why "non-disclosure agreements"? If I may ask. Are non-disclosure agreements of any advantage apart from hiding what the app does? Are non-disclosure agreements establishing trust?

plodder

poff wrote: »

My question would be: How much trust have the British people is such an app? Will the lack of trust make this app a failure, even if they would get it to work nicely?

Looking at "our" poll, 61% would opt in, which is quite close to the minimum to make it work (60%).

The more I think about this, the less I think that I need or want a tracing app. I don't believe in getting back to normal as it was because the virus will spread with the app or without if we ignore the simple rules. There should be the "new normality" which means physical distance until the vaccine is here. I don't think that there is a problem with any outdoor activity (beaches, markets, playgrounds, etc) as long as we stick to the distancing. BBQ with friends - why not if we keep the distance. Even if close meetings of a small number of people will be allowed - I will not be part of it, I have my own rules :cool:

It seems the UK are out on a limb. If their app is perceived as a battery hog or that it's collecting data unnecessarily (which I wouldn't quite agree with, but perceptions are still important) then it could impact the adoption rate. It's probably for the best that ours is going with the general consensus.

But, on the need for contact tracing apps per-se, they may not help much with the activities you mention above, but I think public transport in big cities is the single standout area they will be needed. As the restrictions are eased over the months, then more uses will become apparent. The decentralised apps though will (ironically) need very strong controls over symptom reporting. If there is any way to make fake reports, which aren't validated by doctors then the system will be useless.

Why "non-disclosure agreements"? If I may ask.

Being optimistic about that, maybe they just want to control the level of online outrage until they are absolutely clear what can be and is going to be delivered. And basically, it's really the customer paying for the app who should be doing the "disclosing", not the app developers as such.

If you want to be pessimistic, you might be concerned about a culture of secrecy etc etc, but hopefully that turns out not to be the case.

Diarmuid

poff wrote: »

Why "non-disclosure agreements"? If I may ask. Are non-disclosure agreements of any advantage apart from hiding what the app does? Are non-disclosure agreements establishing trust?

That sounds like just ass covering, I'm not surprised that the y didn't mention GDPR for good measure. The good thing about using the google/apple API is that by design they are restricted from what they can do. Apparently you don't even need to include your phone number when installing the app.

xabi_a

Non-disclosure agreements (NDA's) are standard practice in software projects. If two companies have to work together on a project, it basically says that each won't reveal or misuse propriety information about the other. So I wouldn't read anything into that.

I'd love if this was treated as an open source project. These as commonplace in software, where code is shared and people can contribute. But I'd imagine such a concept would be entirely foreign to the HSE.

Personally I have no fear whatsoever using the app. If sworn enemies like Apple and Google come together and agree a privacy protocol then it must be meaningful. And sure if I ever go into hospital, the HSE gets lots of my data anyway!

Diarmuid

On reading the article again, I suspect the NDA is in place at the HSE insistence so that they control the communication around the app

poff

Australia: Covidsafe app is not working properly on iPhones, authorities admit

https://www.theguardian.com/world/2020/may/06/covidsafe-app-is-not-working-properly-on-iphones-authorities-admit